The Payment Card Industry Data Security Standard (PCI DSS) is updated every three years, and version 3.0 is upon us. Visa, MasterCard, and Discover require that all merchants comply with this standard to help protect credit card data.
Relatedly, the PCI Council requires that, as of January 2015, all merchants migrate to the new version during their annual PCI renewal. If you renew after the New Year, the renewal process will therefore differ from the one in 2014. Our PCI compliance partner, Trustwave, will be introducing a new version of TrustKeeper that will include the new standards and provide tools and information to help you through the renewal process.
PCI 3.0 has significant new and expanded requirements, including:
- All e-commerce previously out-of-scope for PCI is now being brought in-scope. This includes payment page redirects and hosted iframes that are marketed under different names from various providers. E-commerce will need to be addressed as part of the PCI questionnaire.
- All service providers (web hosts, payment gateway providers, etc.) that touch your credit card data must be validated as PCI compliant, and the merchant will be required to keep detailed documentation demonstrating this on file. Wind River Financial is working with our partner gateways to assist with the new documentation requirements. This requirement begins in July 2015.
There are other requirements within the new standard that may impact your PCI compliance validation. We strongly encourage you to become familiar with the new requirements in preparation for the updates. A good resource is a recorded webinar from Trustwave in which they discuss the changes and how to prepare for them. The webinar, which lasts about 30 minutes, can be accessed by following this link: http://trustwave.com/Resources/Library/Webinars/PCI-3-0-is-Knocking-on-Your-Door–Are-You-Ready-/